North American Network Operators Group
Re: ICMP filtering, was Re: ICANN Targets DDoS Attacks
- From: Rafi Sadowsky
- Date: Wed Oct 30 01:17:10 2002
## On 2002-10-29 19:55 -0600 Rob Thomas typed:
RT> Hi, NANOGers.
RT> ] ICMP?
RT> I have my own thoughts on ICMP filtering, which you will find here:
RT> I don't claim to have correct thoughts, however, so input and suggestions
RT> are always welcome. :) If anyone could pick up a NANOG t-shirt for me,
RT> that would be welcome as well. :)
I find it hard to believe you have no thoughts about:
1) rate-limiting ICMP
2) passing ICMP "statefully"
(that is for example ICMP echo reply only accepted in reply to an ICMP echo)
3) DoS problems related to ICMP unreachables
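
Points 1 and 2 above (rate-limiting ICMP, and accepting an echo reply only when it answers an echo that was sent), modelled as an added example that is not part of the original message or thread. The packet model, the `IcmpPolicy` class, the rate, burst and timeout values, and the documentation-range addresses are all constructed for illustration.

```python
from collections import namedtuple

# Constructed packet model: t is seconds, direction is "in" or "out".
Pkt = namedtuple("Pkt", "t direction src dst kind ident seq")

class IcmpPolicy:
    """Stateful echo matching plus a token-bucket limit on other inbound ICMP."""

    def __init__(self, rate=2.0, burst=3, state_ttl=5.0):
        self.rate, self.burst, self.ttl = rate, burst, state_ttl
        self.tokens, self.last = float(burst), 0.0
        self.pending = {}  # (inside, outside, id, seq) -> expiry time

    def _take_token(self, now):
        # Refill in proportion to elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

    def verdict(self, p):
        if p.direction == "out":
            if p.kind == "echo-request":
                # Remember the request so the matching reply can be admitted.
                self.pending[(p.src, p.dst, p.ident, p.seq)] = p.t + self.ttl
            return "pass"
        if p.kind == "echo-reply":
            # A reply passes only once, and only for a request seen leaving.
            expiry = self.pending.pop((p.dst, p.src, p.ident, p.seq), None)
            if expiry is None or p.t > expiry:
                return "drop-unsolicited"
            return "pass"
        # Other inbound ICMP (e.g. unreachables) is rate limited, not blocked.
        return "pass" if self._take_token(p.t) else "drop-rate"

def run_sample():
    inside, peer, other = "10.0.0.5", "192.0.2.1", "198.51.100.9"
    pkts = [
        Pkt(0.0, "out", inside, peer, "echo-request", 7, 1),
        Pkt(0.1, "in", peer, inside, "echo-reply", 7, 1),   # solicited
        Pkt(0.2, "in", peer, inside, "echo-reply", 7, 1),   # duplicate
        Pkt(0.3, "in", other, inside, "echo-reply", 1, 1),  # never requested
    ] + [Pkt(1.0, "in", other, inside, "dest-unreachable", 0, 0)] * 5
    fw = IcmpPolicy()
    return [fw.verdict(p) for p in pkts]
```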